The House Oversight and Government Reform Committee has passed the Safe and Secure Federal Websites Act, which would prohibit agencies from deploying a website that collects or stores personally identifiable information until the agency’s CIO certifies to Congress that the website is fully functional and secure (secure being defined as suitable for banking purposes).
It also dictates certain design constraints. For example, it would require that any PII elicited, collected, or stored in connection with the website be captured at the latest possible step in a user input sequence. The bill, HR-3635, introduced by Kerry Bentivolio, R-Mich., exempts beta websites designed for testing and development if users execute an agreement acknowledging the risks involved.